Maintains accountability for information system media during transport outside of controlled areas;

Documents activities associated with the transport of information system media; and

Restricts the activities associated with the transport of information system media to authorized personnel.

Control Information

Responsible role(s) - Organization

MP-5 (3) Custodians

Description

The organization employs an identified custodian during transport of information system media outside of controlled areas.

Control Information

Responsible role(s) - Organization

MP-5 (4) Cryptographic Protection

Description

The information system implements cryptographic mechanisms to protect the confidentiality and integrity of information stored on digital media during transport outside of controlled areas.

Control Information

Responsible role(s) - Organization

MP-6 Media Sanitization

Description

The organization:

Sanitizes [Assignment: organization-defined information system media] prior to disposal, release out of organizational control, or release for reuse using [Assignment: organization-defined sanitization techniques and procedures] in accordance with applicable federal and organizational standards and policies; and

Employs sanitization mechanisms with the strength and integrity commensurate with the security category or classification of the information.

Description

Control Information

MP-6 (2) Equipment Testing

Description

The organization tests sanitization equipment and procedures [Assignment: organization-defined frequency] to verify that the intended sanitization is being achieved.

Control Information

Responsible role(s) - Organization

MP-6 (3) Nondestructive Techniques

Description

The organization applies nondestructive sanitization techniques to portable storage devices prior to connecting such devices to the information system under the following circumstances: [Assignment: organization-defined circumstances requiring sanitization of portable storage devices].

Control Information

Responsible role(s) - Organization

MP-6 (7) Dual Authorization

Description

The organization enforces dual authorization for the sanitization of [Assignment: organization-defined information system media].

Control Information

Responsible role(s) - Organization

MP-6 (8) Remote Purging / Wiping Of Information

Description

The organization provides the capability to purge/wipe information from [Assignment: organization-defined information systems, system components, or devices] either remotely or under the following conditions: [Assignment: organization-defined conditions].

Control Information

Responsible role(s) - Organization

MP-7 Media Use

Description

The organization [Selection: restricts; prohibits] the use of [Assignment: organization-defined types of information system media] on [Assignment: organization-defined information systems or system components] using [Assignment: organization-defined security safeguards].

Control Information

Responsible role(s) - Organization

MP-7 (1) Prohibit Use Without Owner

Description

The organization prohibits the use of portable storage devices in organizational information systems when such devices have no identifiable owner.

Control Information

Responsible role(s) - Organization

MP-7 (2) Prohibit Use Of Sanitization-Resistant Media

Description

The organization prohibits the use of sanitization-resistant media in organizational information systems.

Ensures that the information system media downgrading process is commensurate with the security category and/or classification level of the information to be removed and the access authorizations of the potential recipients of the downgraded information;

Control Information

Responsible role(s) - Organization

MP-8 (4) Classified Information

Description

The organization downgrades information system media containing classified information prior to release to individuals without required access authorizations in accordance with NSA standards and policies.